[ad_1]
Hi – Since the Content Security Policy directives for sript-src are somehow contradictory (unsafe-inline) and google PageSpeed insights recommends to add a nonce value, i wonder if it is possible to add a nonce value for the optimized and aggregated scripts?
I tried the following:
function add_nonce($tag, $handle, $src) {
$nonce_value = wp_create_nonce('my__script__nonce');
return "<script defer='defer' nonce='".$nonce_value."' src='".$src."'></script>";//Usually the value in $tag variable looks similar to this script tag but without the async and defer
}
add_filter('script_loader_tag', 'add_nonce', 10, 2);This works, but it prevents the aggregation of all scripts.
Is there a valid way to add a nonce attribute to aggregated script?
Is there a filter to capture the moment when aggregation happens and inject a nonce attribute?
Thanks for a feedback.
regards – theo
- This topic was modified 9 hours, 24 minutes ago by .